Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

Microsoft, IBM Team on Spec

A group of companies last week announced a new Web services specification for handling security in Web services environments.

Led by Microsoft Corp. and IBM, a group of companies last week announced a new Web services specification for handling security in Web services environments.

At Burton Group Inc.s Catalyst conference in San Francisco, IBM, Microsoft, BEA Systems Inc., RSA Security Inc. and VeriSign Inc. announced the publication of the Web Services-Federation specification, another in a series of standards IBM and Microsoft outlined in the Web services security road map they co-authored last year.

Karla Norsworthy, director of e-business technology at IBM, in Armonk, N.Y., said WS-Federation enables developers to manage trust relationships across enterprises that use different types of security solutions. "Were announcing the crown jewel of the Web services security road map, the Web Services-Federation specification," said Norsworthy. "These specifications are solutions that hold together Web services security [WS-Security], Trust [WS-Trust], the security part of Policy [WS-Policy] into allowing this kind of federation so that our clients can do successful business process integration and have the security part come easy."

Steven VanRoekel, director of Web services at Microsoft, in Redmond, Wash., said, "From a Microsoft perspective this is the technology that will enable TrustBridge." TrustBridge is Microsofts upcoming technology that will allow organizations to share user identities across business boundaries, officials said. "WS-Federation is built to be extensible to utilize any broad range of identification mechanisms, like Passport, like SAML [Security Assertion Markup Language] or like anything else in between," said VanRoekel.

Further reading

Jason Bloomberg, an analyst with ZapThink LLC, a Cambridge, Mass., market researcher, said a question surrounding WS-Federation is how it will play out alongside the Liberty Alliances ID-Federation Framework.

"Liberty is further along in its work on federation specifications, and there are a good number of companies—in particular, non-IT companies—that back Liberty. Clearly, because identity federation means getting dissimilar identity mechanisms to work together, it doesnt make sense to have more than one identity federation standard," Bloomberg said. "Only time will tell which approach will win out."

And some went even further to call the Microsoft-IBM-led initiative hype. "WS-Federation is designed to tie together independent islands of authentication," said Eugene Kuznetsov, chief technology officer and chairman of DataPower Technology Inc., also in Cambridge. "This is pure marketing; nobody needs this right now. Today enterprises are working with known trading partners with known identity schemes and certificate authorities. This is just another letter for the Web services alphabet soup mix that will tend to confuse more than it will help enterprises struggling to secure their Web services. Businesses need pragmatic and practical solutions to solve the Web services security problem—and there are ways to secure their XML Web services applications today."